Tuesday, May 6, 2025
HomeLinuxCritical Linux Kernel Vulnerability Let Attackers Execute Arbitrary Code Remotely

Critical Linux Kernel Vulnerability Let Attackers Execute Arbitrary Code Remotely

Published on

SIEM as a Service

Follow Us on Google News

SMB servers that have ksmbd enabled are vulnerable to hacking due to a major Linux kernel vulnerability (CVSS score of 10). 

KSMBD is a Linux kernel server that uses the SMB3 protocol to share files over the network in kernel space. On vulnerable Linux Kernel installations, an unauthenticated, remote attacker can run any programme.

Linux Kernel ksmbd Use-After-Free RCE

Researchers Arnaud Gatignol, Quentin Minster, Florent Saudel, and Guillaume Teissier from the Thalium Team at Thales Group found the vulnerability on July 26, 2022.

- Advertisement - Google News

The problem was made known to the public on December 22, 2022.

“This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable”, according to the advisory published by ZDI.

According to the reports, the SMB2 TREE DISCONNECT command processing is where the exact flaw is found. 

The problem arises from the failure to validate an object’s existence before performing operations on it. By taking advantage of this flaw, an attacker might execute code within the context of the kernel.

SMB servers using Samba are unaffected, according to researcher Shir Tamari, Head of Research at Wiz IO. He also noted that SMB servers using ksmbd are vulnerable to read access, which could cause server memory to leak (similar to the vulnerability Heartbleed).

“ksmbd is new; most users still use Samba and are not affected. Basically, if you are not running SMB servers with ksmbd, enjoy your weekend.” added Tamari.

Hence, IT teams should do an environmental assessment to make sure any potential vulnerabilities are patched using the most recent Linux release.

Managed DDoS Attack Protection for Applications – Download Free Guide

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Google’s NotebookLM Introduces Voice Summaries in Over 50 Languages

Google has significantly expanded the capabilities of NotebookLM, its AI-powered research tool, by introducing...

Android Security Update -A Critical RCE Vulnerability Actively Exploited in the Wild 

Google has released critical security patches for Android devices to address 57 vulnerabilities across...

Hackers Exploit Fake Chrome Error Pages to Deploy Malicious Scripts on Windows Users

Hackers are leveraging a sophisticated social engineering technique dubbed "ClickFix" to trick Windows users...

New ClickFix Attack Imitates Ministry of Defence Website to Target Windows & Linux Systems

A newly identified cyberattack campaign has surfaced, leveraging the recognizable branding of India's Ministry...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Android Security Update -A Critical RCE Vulnerability Actively Exploited in the Wild 

Google has released critical security patches for Android devices to address 57 vulnerabilities across...

New ClickFix Attack Imitates Ministry of Defence Website to Target Windows & Linux Systems

A newly identified cyberattack campaign has surfaced, leveraging the recognizable branding of India's Ministry...

Samsung MagicINFO 9 Server Vulnerability Actively Exploited in the Wild

A critical security vulnerability in the Samsung MagicINFO 9 Server has come under active...